Snowden: Movie Magic and Sobering Reminders

Slack AliceSlogger, Infosecurity Magazine

Reviews are starting to come in for the film Snowden, which was released over the weekend to remind us all that a Big Brother world is not as unfeasible of a reality as we perhaps once thought it was.

Directed by Oliver Stone (who else? The maestro of conspiracy theory films is the only perfect pick for this), the film examines Snowden’s theft and subsequent leaking of tens of thousands of classified documents, leading to the revelations of mass surveillance of US citizens on the part of the NSA. Whether you think he’s a traitor (and let’s face it—holing up in Russia doesn’t help with that image) or a supremely ethical whistleblower (certainly Stone’s opinion), it’s irrefutable that those actions have sent ripple effects throughout society, both domestically and internationally.

The film has a certain “truthiness” to it. Sure, there’s the only slightly telegenic casting of Joseph Gordon-Levitt as the eponymous subject, and most reviewers call the flick “restrained” for Stone—certainly compared to his exuberantly insane handling of the JFK assassination:

“There are very few wild, bravura visual flights and not much in the way of wild conspiracy-mongering. Edward is a rational, ethical creature—responsibility is one of his favorite words—and the movie takes pains to be reasonable,” said the New York Times in its review.

That said, movie magic has added a serious kick-ass action overlay to the proceedings. Climbing into the way-back machine to visit June 2013 apparently granted Stone some serious license when it comes to how things went down. The hotel room in Hong Kong where the documents are given to journalists is gorgeously film-noir, and an “am I being paranoid,” febrile hum of electronics plays on throughout. And as Fortune points out, “near the climax of the film, Snowden must confront his former mentor, who is depicted as a giant head on a giant computer screen bearing down on the protagonist.” Visually cool, but I doubt that real events were quite that awesomely surreal. But that’s the beauty of film-making.

Mostly though, it should be said that Snowden asks the right questions and points out the right dangers of a government spying program built to circumvent any semblance of privacy for citizens, unfettered by any possible legal consequences. The effects of Snowden’s revelations could be one of the more important turning points in US cultural history; the scales have permanently fallen from our eyes.

ESET senior security researcher Stephen Cobb noted via email that four significant security and privacy assumptions that have forever been changed due to Snowden:

Organizations can keep secrets digitally – The ease at which digital copies of information can be made and circulated has created an entirely different reality from the analog world.

External attackers are the biggest threat – How can organizations ramp up defenses against external attackers while not losing sight of the very real potential of internal threats?

Digital communications are private and secure – Accumulating information about people is risky business, even when doing it legitimately, how do we know it is not going to be compromised?

Technological innovation is bound to produce solutions to these problems – Snowden’s revelations have contributed to a perceptible erosion of trust in the privacy and security of digital technology and can very much undermine hopes of a better tomorrow through digital technology.

There’s also another aspect—There’s actually been little attention paid to how Snowden actually breached the NSA. There are lessons for businesses here.

“From our research three years ago, it is clear that Snowden was able to subvert encryption—the technology that enables security and privacy on everything from websites to private data at the NSA—to sneak data out undetected,” Kevin Bocek, vice president of Security Strategy & Threat Intelligence at Venafi, said in an emailed note. “It was only after a leaked memo from the NSA to Department of Justice that confirmed Snowden used a colleague's digital certificate to gain unauthorized access to an encrypted tunnel. By using privileged credentials, Snowden was able to encrypt the data he stole so it was invisible to NSA’s security technology.”

So what’s the takeaway? “With the increased use of encryption globally and the limited visibility most organizations have into the security instruments that control encryption, every business today is at risk for a Snowden-like insider attack,” Bocek added.